Vulnerability Details CVE-2021-29502
WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 4.0
References
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
- https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
- https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
Products affected by CVE-2021-29502
-
cpe:2.3:a:warnsystem_project:warnsystem:-
-
cpe:2.3:a:warnsystem_project:warnsystem:1.1
-
cpe:2.3:a:warnsystem_project:warnsystem:1.2
-
cpe:2.3:a:warnsystem_project:warnsystem:1.3
-
cpe:2.3:a:warnsystem_project:warnsystem:1.3.11
-
cpe:2.3:a:warnsystem_project:warnsystem:1.3.8